In this post we will install Junos Space Network Management Platform virtual appliance for VMware ESX and Security Director. As you might know Space platform is the ground application holding other applications such as Security Director which manages SRX firewalls. Hence it is necessary to install Space platform first and Security Director on top of it. Make sure you have 8GB RAM available in your ESX server. Let’s start the installation:
1) Download the ova image here We are downloading the latest release space-14.1R2.9 at the time of this post.
2) Download the security director here
Latest one available is 14.1R2.6 release which is compatible with the platform release we have downloaded.
The method that I follow currently when adding an SRX cluster to Junos Space/Security Director is as follows;
1) Discover the devices under Platform->Devices->Device Discovery->Discover Targets
by using fxp0 (or management IP addresses) of each device.
Once the devices are added we will have them under device management;
2) Once you go to Security Director->Security Director Devices
You will see that cluster nodes are detected as a single entry (cluster) there.
After this point everything is the same like a normal device import/update for which you can check my other SD post here
If you have confusion about Security Director and Junos Space, here is a simple description of these two;
Security Director (previously known as Security Design) is the application that manages Juniper SRX firewalls. You can think of this as a module which is only responsible for security platforms of Juniper. It is a subset of legacy NSM application as it doesn’t manage e.g EX, MX devices etc.
Junos Space is the platform which hosts all other applications i.e Security Director (SD), Service Now etc. The hosting application is called Network Application Platform.
In this post, I would like to show briefly how you can add an SRX device into Security Director. Let’s begin;
When you login to Junos Space, the application that welcomes you is the Network Application Platform. All user management, device communication, monitoring jobs are handled by this application. For any application to access a device, target device must be imported to the platform first.
Importing a device to the platform
I am doing my tests on 12.3P2.8 release of Space release so your screen may be different than mine. First of all add the device by using the Platform->Devices->Device Discovery->Discovery Targets
If you need to mount an image file as a disk partition you can follow the following steps. I have followed these to mount a junos space disk image indeed. Here are the steps:
#losetup /dev/loop0 space-11.4R1.5.img
Then try to mount:
#mount -t ext2 -o ro,loop space-11.4R1.5.img /mnt/space-disk
mount: Stale NFS file handle
It fails right? To get where the sector starts on this image
space-11.4R1.5.img: x86 boot sector; partition 1: ID=0x83, active, starthead 1, startsector 62, 3890066 sectors, code offset 0x31
Sector is 62 from which we calculate offset as 62*512=31744 and partition id is 83. It is linux and file system type is ext2, now mount!
#mount -t ext2 -o ro,loop,offset=31744 space-11.4R1.5.img /mnt/space-disk
LiveOS ks.cfg lost+found space-11.4R1.5.iso syslinux
Here is the partition content!
There are three username/password pair that you may work with in Junos Space application:
- admin user used for CLI login to Linux (default password during installation: abc123)
- super user used for WEBUI (default initial password: juniper123)
- maintenance user used for maintenance operations and password of which is set by the administrator (i.e there is no default password)
How to change junos space passwords:
1) To change the admin password you can use the CLI menu 1
Welcome to the Junos Space network settings utility.
Initializing, please wait
Junos Space Settings Menu
1> Change Password
2> Set DNS Servers
3> Change Time Options
4> Retrieve Logs
6> (Debug) run shell
R> Redraw Menu
2) If you want to change the super user password, you should use the upper right menu “user preferences” in the main window.
However if you somehow don’t remember the password, you can reset the password in CLI via the following mysql command;
#mysql -u root build_db -e "UPDATE USER set password='ok89Nva6qHxytSHsP8AeLg==' where name='super'"
This should reset the password to “juniper123”. You may need to wait for the change to take effect a couple of minutes.
3) If you want to change the password for the user “maintenance” then you can run the command:
#htpasswd /var/www/maintenance/maintPW maintenance